Pay-by-bonk chip lets hackers pop all your favourite phones

Blood is flowing on the floor of the Pwn2Own challenge slaughterhouse, after whitehats hacked their way through an Apple iPhone 5S, Samsung Galaxy S5, LG Nexus 5 and Amazon Fire, most often by using Near Field Communications. The annual contest backed by HP, BlackBerry and Google, and run by HP's Zero Day Initiative …

  1. P. Lee

    Adam Laurie

    Did he just portal into the device?

  2. big_D Silver badge

    iPhone 6?

    If NFC attacks were so popular at the event, why wasn't there an NFC enabled iPhone in the mix? Seems a bit odd that they used an outdated device.

    1. Steve Davies 3 Silver badge

      Re: iPhone 6?

      don't you mean

      Seems a bit odd that they didn't use such an outdated device viz, the iPhone 6

    2. Anonymous Coward

      Re: iPhone 6?

      "Seems a bit odd that they used an outdated device."

      I'd suggest they generally choose the latest phones purely for the PR value. In reality the problem of device insecurity is greatest for all the devices out in the field in their millions and long since "unsupported" by their makers, and it is a pity that the competition didn't look at those. For example there's about four times the number of Galaxy S3 in use compared to S5, I'd guess other makes have similar situations.

      If makers were embarrassed about the problems on models they'd decided to abandon, then we might see a better approach to supporting older devices.

      1. Larry Ellinson

        Re: iPhone 6?

        Not just the makers - you'd need the networks to play ball and deliver the updates too. Of course they'd much rather upgrade your phone and extend your contract instead. Security vulnerabilities on older phones aren't a problem - they're an upsell opportunity.

  3. Scott Broukell

    Sweden

    I do believe I recently heard mention of Sweden's intention to become the first 'Cashless' country. I do hope the folks in charge there are taking serious note of issues regarding NFC and other such technologies. I'm off now to count the groats in the pot I buried in the garden.

  4. John Lilburne

    Did anyone see any ...

    News International journos in the place?

  5. Anonymous Coward

    Bluetooth

    "Pay-by-bonk chip lets hackers pop all your favourite phones "

    So does 'Near Field Communications' mean Bluetooth?

    I'm gonna have to switch that on again? Not used it for years.

    Why can't we wave the phone at the Pay-by-bonk station and then type a PIN in? Not that that would stop any of these hacks, just grumbling about basic effortless security procedures being thrown out the window.

  6. Yugguy

    Don't enable them

    I have disabled NFC, SBeam, DLNA and any other pointless bollocks that drains my battery and allows connection.

    I enable bluetooth for connecting to the Parrot in my car.

    Simples.

    1. Mike Flugennock

      Re: Don't enable them

      I disabled wifi on my 4S after Apple tried to shove the infamous battery-killing version of iOS 7 off on me. I managed to get rid of the update payload itself, but I've still got the goddamn' installer nugget stinking up my phone.

  7. Lee D Silver badge

    I disable anything that looks like radio, unless I'm using a radio device of that kind.

    I don't disable 3G, but if you're not using Bluetooth, NFC, wireless etc. then why would you want them turned on anyway? For the same reason, I turn off Wifi on the ISP-supplied routers and use my own behind it.

    I bought S4 minis for myself and my girlfriend. First thing I did - went through, turned all that stuff off (including S-Beam and DLNA and whatever else). Neither of us have missed it. We can turn on Bluetooth if we want to use a headset. We've had no cause to turn either of them on or off more than a couple of times each in the last six months. And NFC only got turned on because I was showing her how you can read info off NFC cards.

    1. Thecowking

      I leave them all enabled because I use them.

      Bluetooth is on when I leave my office so it pairs with my headphones.

      NFC is combined with Tasker to switch the state of my devices automagically when I put them down in different rooms. NFC stickers are pennies and it's an easy way to set your phone to a profile suitable for the room you're in.

      Wifi is always on because I'd rather use that radio than 3G because it's much lower latency for web.

      3G is on because I can't always get Wifi.

      Yes, there's a potential for attack in all these channels, no it doesn't bother me. There's risk in every activity, if you're aware of it and plan accordingly, there's no reason not to partake. I really love the capabilities of newer devices, I use them and they make a lot of things in my life a little easier, a little faster or a little more capable.

      Sure it's not in everyone's risk appetite, but it is in mine. For me the payoff far outweighs the risk. Not everything is, I won't use a credit card in the US any more for example (not until they get chip and PIN at least).

  8. Anonymous Coward

    Just use an app

    Have an Android and found an app on the store called "Phone Schedule". Turns off and on all the relevant radios when I need them but my routine is fairly predictable, so this works fine for me (but probably not useful to a lot of other people). Everything else that can be turned off that I do not need or use, is turned off. Does this make it safe to use the phone in public? Doubt it as there is bound to be some other issue / part / bit / thingy (real IT phrase), that allows the hackers to get in. Do what we can and hope for the best.
